[
https://issues.apache.org/jira/browse/HADOOP-1298?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12554874
]
Konstantin Shvachko commented on HADOOP-1298:
---------------------------------------------
The NNThrougputBenchmark is pretty much useless for evaluating performance with
the latest attachment.
The problem is that NameNode uses Server.getUserInfo() static method in order
to get credentials of the user.
NNThrougputBenchmark does not suppose to have any servers, since it directly
calls the name-node methods.
This was totally broken with the previous patch, I fixed it so that Server
performs a login if there are no current calls.
But now the benchmark works forever because it performs login, that is a shell
command, on each call.
So the performance of creates measured by the benchmark drops 100 times.
I hacked it to return my identity instead of doing login to get the right
performance numbers.
The real numbers for creating 10,000 files is around *11 - 12%* lower with this
patch compared to the trunk.
I think this is expected and acceptable. We will be able to optimize it from
here.
But the credential problem should be fixed.
IMHO we should have an explicit login() call in the ClientProtocol, and the
name-node should cache credentials
for each client. This will also work for the NNThrougputBenchmark, which will
be able to call login() directly on the NameNode.
Besides passing credentials with each rpc call is less secure than sending it
just once in login.
We can make it even bulletproof in the future by exchanging private keys
between the client and the server for
the purpose of just this one call when then perform a handshake.
Anyway current solution for passing client credentials looks more like
delivering them through a back door.
This is not introduced by this patch (HADOOP-2184), but should be fixed here
before it is committed.
> adding user info to file
> ------------------------
>
> Key: HADOOP-1298
> URL: https://issues.apache.org/jira/browse/HADOOP-1298
> Project: Hadoop
> Issue Type: New Feature
> Components: dfs, fs
> Affects Versions: 0.16.0
> Reporter: Kurtis Heimerl
> Assignee: Tsz Wo (Nicholas), SZE
> Fix For: 0.16.0
>
> Attachments: 1298_2007-09-22_1.patch, 1298_2007-10-04_1.patch,
> 1298_20071221b.patch, 1298_20071228s.patch, hadoop-user-munncha.patch17,
> HDFSPermissionSpecification5.pdf
>
>
> I'm working on adding a permissions model to hadoop's DFS. The first step is
> this change, which associates user info with files. Following this I'll
> assoicate permissions info, then block methods based on that user info, then
> authorization of the user info.
> So, right now i've implemented adding user info to files. I'm looking for
> feedback before I clean this up and make it offical.
> I wasn't sure what release, i'm working off trunk.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
